Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2163
Views
0
Helpful
4
Replies

vlan over wireless bridge with internet sharing?

andreskruse
Level 1
Level 1

‎10-05-2010 09:49 AM - edited ‎03-06-2019 01:20 PM

Hi Community, my first post here, hoping somebody may be able to advise...

I live on a farm which is too far for broadband but fortunately I also have an office in a nearby town and because I have line of sight I have setup a wireless bridge, this gives me 8 MBits which is wonderful. Some of my equipment, for example a NAS is on the farm, and I need to access them from the office via the wireless link and I occasinally use vnc to access my office desktop from the farm. This all works beautifully.

Ok. now I want to share my internet with my neighbor on the farm, who, in a strange twist also rents an office next to mine downtown, so I would like to give him access to the internet and to his equipment he has there too.. but I don't want him to be able to access my equipment and visa versa I don't want to see his stuff...

This sounds like a job for port based VLAN.. and so what I bought is two Linksys/Cisco SLM2005 layer2 switches in the hope that this would allow me to do what I want... but I'm not so sure now. In the office I use a draytek v2910 which has a vlan feature that allows me to separate the ports from each other, only giving them internet access.

So... if I connect these two switches to each other, and I create a VLAN with the same id on each of the switches, will the corresponding vlans be shared, so, if you assume the following hardware setup:

farm: slm2005 switch

port 1 -> wireless bridge to office: member of vlan "2", "3"

port 2 -> access point A for neighbor: member of vlan "2"

port 3 -> my own access point B: member of vlan "3"

office: slm2005 switch

port 1 -> wireless bridge to farm: member of vlan "2", "3"

port 2  -> access point C for neighbor: member of vlan "2"

port 3 -> my access point for office D: member of vlan "3"

port 4 -> router port 1: member of vlan "2"

port 5 -> router port 2: member of vlan "3"

the router (draytek v2910) is configured in such a way to separate port 1 and port 2 (otherwise there would be a loop...)

The idea here is to create a vlan "2" for my neighbor and "3" for myself. but what's the correct way to consider the wireless bridge inbeetween (in fact, I think the same problem would occur if I just connected the two switches with a cable (if i had a 2 mile long one..)...)

Will my neighbor be able to see both access points "A" and "C" and the internet, but not be my access points "B" and "D"? Or does this whole concept of VLAN over bridge not work like this, or not at all?

Thanks in advance for any advice,

Andres

Labels:
0 Helpful
4 Replies 4

Nicolas Darchis
Cisco Employee
Cisco Employee

‎10-17-2010 12:57 AM

Hi Andreas,

you're not far from it.

Your whole concept is ok. What you just need is on the gateway of each subnet (I would presume it's the router in the office) to create an access list preventing to route between vlan 2 and 3.

On all other devices,  traffic can't jump between vlans. But on a routing device that has the Vlan layer3 interfaces, traffic is routed between vlans so that's where you need to prevent it.

With regards to vlans over wireless, you're also having the good concept. The point is to have only 1 ssid, that will be in a certain vlan, but also bridging the other vlans onto that ssid.

This doc should help you out :

http://www.cisco.com/en/US/partner/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#vlanbr

HTH,

Nicolas

---

Thanks to rank the answer if you see it as useful !

0 Helpful

andreskruse
Level 1
Level 1
In response to Nicolas Darchis

‎10-17-2010 02:03 PM

Hi Nicolas,

thats encouraging. I'll have a go and report back.

Re the link you posted, I cannot seem to access that particular document...

Thanks,

Andres

0 Helpful

George Stefanick
VIP Alumni
VIP Alumni

‎10-17-2010 01:24 PM

Your concept is correct. I may have overlooked it, but what model bridge are you using?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

andreskruse
Level 1
Level 1
In response to George Stefanick

‎10-17-2010 02:00 PM

its a Repeatit bridge, a pair of SU-5410a to be exact. it creates a bridge using 802.11a and works fine over 2 miles.

my worry is that I might create a loop with connecting two of the ports of the SLM2005 to the Draytek Vigor 2910 router. However, I think it will work if I use the built-in "VLAN" capability of the draytek (not compatible with any standard protocol): The router allows me to isolate ports from each other, so I think there is no loop.

I guess, coming from the primitive (but functional) Draytek I wasn't sure whether the VLANs on the Linksys/Cisco switches work even on separate switches... but it sounds like they do..

thanks for your help.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card